Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information,
see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module,
and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature
Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Restrictions for EVPN VxLAN L3

VNI range CLI for L3VNI is not supported.

Egress traffic stops if the local VNI is down.

L3 VNI and L2 VNI co-existence in the same bridge domain as L3 VNI is not supported.

Route Targets

For each VRF on the DCI router, there are two sets of manually configured
import and export route-targets. One set of import and export route-targets is
associated with the Data Center BGP neighbor that uses the EVPN address-family
to exchange L3 information; the other set of import and export route-targets is
associated with the L3VPN BGP neighbor that uses the VPNv4 unicast
address-family to exchange L3 information. This separation of route targets
(RTs) enables the two sets of RTs to be independently configured. The DCI
router effectively stitches the two sets of RTs. The RTs associated with the
EVPN BGP neighbor are labelled as stitching RTs. The RTs associated with the
L3VPN BGP neighbor are normal RTs.

A new keyword is
added to the existing route-target configuration to specify the route targets
to be used when doing EVPN-VXLAN related processing. The base (existing) route
target configuration does not affect EVPN-VXLAN related processing. You can
have the same RT values for both base and VxLAN routes.

Local VPNv4 Routes Advertisement

On the DCI router,
the locally sourced VPNv4 routes can be advertised to the BGP EVPN neighbors
with the normal route targets (RTs) configured for the VRF or the stitching RTs
associated with the BGP EVPN neighbors. By default, these routes are advertised
with the normal route targets.

Note

You cannot configure the advertise command for VPNv4 or VPNv6
neighbors. RTs can be applied only to the sourced routes and routes learned
from VRF neighbors.

Data Center VXLAN with Support for MP-BGP

The Data Center VXLAN uses MP-BGP for control-plane learning of end-host
Layer 2 and Layer 3 reachability information. The DCI router is configured
with a VXLAN Tunnel EndPoint (VTEP). You also need to run the
host-reachability protocol bgp command to specify that control-plane learning
within the data center site is through the BGP routing protocol.

EVPN Route Targets

A new keyword is added to the existing route-target configuration to
specify the route targets to be used when doing EVPN-VXLAN related processing.
The base (existing) route target configuration does not affect EVPN-VXLAN
related processing. You can have the same RT values for both base and VxLAN
routes.

MAC/IP Advertisement Route and IP Prefix Route are supported. The l2vpn
evpn address-family can be configured and neighbors can exchange EVPN NLRI. The
l2vpn-evpn-prefix-advertisement is supported fully, and for the non-MAC
portions only the NLRI is supported. The IP Prefix route type is added to carry
IP prefixes. The IP Prefix NLRI can carry an IPv4 prefix or an IPv6 prefix. The
NLRI length determines whether it carries an IPv4 prefix or an IPv6 prefix.
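The length rule above can be enforced in a parser. The following is an added example, not Cisco code: it assumes the IP Prefix route layout from RFC 9136 and VXLAN encapsulation, so the 3-byte label field is read as the VNI. The RD, prefixes and VNI in the sample are constructed.

```python
import ipaddress
import struct

# Body layout of an EVPN IP Prefix route (route type 5), per RFC 9136:
# RD(8) ESI(10) EthTag(4) PrefixLen(1) Prefix(4|16) Gateway(4|16) Label/VNI(3)
FAMILIES = {34: (4, ipaddress.IPv4Network, ipaddress.IPv4Address),
            58: (16, ipaddress.IPv6Network, ipaddress.IPv6Address)}

def parse_rt5(nlri: bytes) -> dict:
    """Parse one EVPN NLRI (type, length, body); raise ValueError if malformed."""
    if len(nlri) < 2:
        raise ValueError("truncated NLRI header")
    route_type, length, body = nlri[0], nlri[1], nlri[2:]
    if route_type != 5:
        raise ValueError(f"not an IP Prefix route (type {route_type})")
    if length != len(body):
        raise ValueError("length field disagrees with bytes present")
    if length not in FAMILIES:
        # Only 34 (IPv4) and 58 (IPv6) are valid; never guess the family.
        raise ValueError(f"invalid IP Prefix route length {length}")
    alen, net_cls, addr_cls = FAMILIES[length]
    eth_tag = struct.unpack("!I", body[18:22])[0]
    plen = body[22]
    if plen > alen * 8:
        raise ValueError(f"prefix length {plen} too long for address family")
    prefix = net_cls((body[23:23 + alen], plen), strict=False)
    gateway = addr_cls(body[23 + alen:23 + 2 * alen])
    vni = int.from_bytes(body[23 + 2 * alen:], "big")  # assumption: VXLAN encap
    return {"rd": body[:8].hex(), "esi": body[8:18].hex(), "eth_tag": eth_tag,
            "prefix": str(prefix), "gateway": str(gateway), "vni": vni}

def build_rt5(prefix: str, vni: int) -> bytes:
    """Build a constructed sample NLRI (RD 100:1, zero ESI, tag and gateway)."""
    net = ipaddress.ip_network(prefix)
    addr = net.network_address.packed
    body = (struct.pack("!HHI", 0, 100, 1) + bytes(10) + bytes(4)
            + bytes([net.prefixlen]) + addr + bytes(len(addr))
            + vni.to_bytes(3, "big"))
    return bytes([5, len(body)]) + body

if __name__ == "__main__":
    for sample in ("10.1.1.0/24", "2001:db8:1::/48"):
        print(parse_rt5(build_rt5(sample, 50000)))
```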

EVPN RT5 and RT2 routes that contain an RT matching an import “stitching RT”
specified in a VRF configuration are accepted by the router and imported into
the corresponding BGP L3VPN VRF. The resulting L3VPN prefix retains the same
route target. L3VPN routes that are imported into EVPN via “advertise l2vpn
evpn” contain the route targets specified by that VRF’s export “stitching RT”.
Any original route targets are removed.
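Because the stitching RTs alone decide which VRF an EVPN route lands in, they are worth auditing as a tenant-separation control. The following is an added example, not Cisco code: it assumes the IOS XE form `route-target {import|export} <rt> stitching` under `vrf definition`, and the VRF names and RT values are constructed.

```python
import re
from collections import defaultdict

# Constructed sample; VRF names and RT values are illustrative only.
SAMPLE_CONFIG = """\
vrf definition tenant-a
 address-family ipv4
  route-target import 100:1
  route-target export 100:1
  route-target import 65000:1 stitching
  route-target export 65000:1 stitching
vrf definition tenant-b
 address-family ipv4
  route-target import 100:2
  route-target export 100:2
  route-target import 65000:1 stitching
  route-target export 65000:2 stitching
vrf definition tenant-c
 address-family ipv4
  route-target import 100:3
  route-target export 100:3
"""

RT_LINE = re.compile(r"^\s*route-target (import|export) (\S+)( stitching)?\s*$")

def parse_vrfs(config: str) -> dict:
    """Return {vrf: {(direction, is_stitching): {rt, ...}}} from config text."""
    vrfs, current = {}, None
    for line in config.splitlines():
        if line.startswith("vrf definition "):
            current = vrfs.setdefault(line.split()[2], defaultdict(set))
        elif current is not None and (m := RT_LINE.match(line)):
            current[(m.group(1), bool(m.group(3)))].add(m.group(2))
    return vrfs

def audit(vrfs: dict) -> list:
    """Flag stitching-RT settings that weaken or break tenant separation."""
    findings, importers = [], defaultdict(list)
    for name, rts in vrfs.items():
        if not rts[("import", True)]:
            # Base RTs do not affect EVPN processing, so nothing is imported.
            findings.append(("no-evpn-import", name))
        for rt in rts[("import", True)]:
            importers[rt].append(name)
    for rt, names in sorted(importers.items()):
        if len(names) > 1:
            findings.append(("shared-import-stitching-rt", rt, tuple(names)))
    return findings
```

A shared import stitching RT can be intentional, such as a shared-services VRF; the finding marks it for review rather than declaring it wrong.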

Bridge Domain Interface

Bridge Domain Interface (BDI) is used for Inter-VLAN routing for EVC.
It supports ping from the local BDI interface to a peer BDI/BVI/SVI. ARP is not
used to resolve adjacency. BGP is asked to advertise the BDI IP address in an
EVPN route and to use the RMAC as the adjacency.

Downstream VNI

A downstream VNI is assigned at the downstream BGP peer. The BGP peer
sends its VNI as part of EVPN route type 2 or 5, so that the local router can
use that VNI to send EVPN traffic to the peer. This VNI is called the egress
VNI; it is used to send EVPN traffic to the peer on the data path. BGP also
sends the local VNI to the peer as part of EVPN route type 2 or 5, and the peer
is expected to send EVPN traffic with that VNI, so that the local router can
route the packet to the right VRF. This VNI is called the ingress VNI.

For the local VNI, the VNI number range is 4k to 16m. For the egress VNI,
the valid VNI number range can be any valid VNI number, from 1-16m.

Router MAC

EVPN introduces a Router’s MAC extended community to exchange the Router’s MAC
between EVPN peers. BGP sends the BDI’s MAC address to the EVPN peer as its
RMAC. By default, all the BDI interfaces share the same MAC address, so all
EVPN VRFs send the same RMAC to the EVPN peer by default. The MAC address of a
BDI interface can be configured, so it is possible for different EVPN VRFs to
send different RMACs to the EVPN peer.

VRF Lite

VRF-lite (VPN
routing/forwarding) allows a service provider to support two or more VPNs with
overlapping IP addresses. VRF-lite is achieved by configuring sub-interfaces
(VLANs) on a physical interface and by putting each sub-interface in a VRF.

EVPN Route Type 2 - MAC Advertisement Route

MAC Advertisement Route can be used to carry only MAC Address or MAC
Address and IP Address (/32 for IPv4 or /128 for IPv6).

L3 VRF EVPN Import

To advertise L3 VPN routing and forwarding (VRF) prefixes to EVPN neighbors,
define a new import type that takes prefixes from VRF neighbors and
redistributed VRF routes, and imports them into the EVPN table. The import of
VRF routes is controlled per VRF. The import of a VRF is performed only when
advertise l2vpn evpn is configured under that VRF and the local VTEP is up.

EVPN DCI Solution

ASR1000 (IOS-XE Platform) series routers, acting as a Data Centre
Interconnect (DCI) device, can be deployed at the edge of two Cisco Data Center
solutions, that is, a Nexus 9000 Standalone-mode Data Centre or a Nexus 9000
ACI-mode Data Centre. The router provides flexible and safe WAN connections to
the Internet or branch sites with multiple different WAN types. Currently
ASR1000 supports multiple WAN connection types, including iWAN, MPLS VPN (PE
and ASBR), DMVPN, and VRF Lite. You can also deploy more than one ASR1000
router in a multihoming deployment if you require traffic load balancing,
redundancy, or a customized path selection policy based on the special
requirements of different applications.

How to Configure EVPN VxLAN L3

The following is
the sample topology that is used as an example to explain the configuration of
this feature.

EVPN Interconnect With MPLS VPN as ASBR

In the scenario shown in the figure below, EVPN routes from the DC side are
imported into VRFs at the ASR1k. These routes are in turn re-originated to the
WAN side MPLS core network via VPN routes to the ASBR using a variation of
MPLS-VPN Inter-AS option AB. There is only 1 BGP peering between the ASR1k and
the ASBR, but the forwarding happens on multiple VRF sub-interfaces.

Configuring Inter-AS Option AB

The following sections describe how to configure the Inter-AS Option AB
feature on an ASBR for either an MPLS VPN or an MPLS VPN that supports CSC:

Note

If Inter-AS Option AB is already deployed in your network and you
want to do Option B style peering for some prefixes (that is, implement
Inter-AS Option AB+), configure the inter-as-hybrid global command as described
in the “Configuring the Routing Policy for VPNs that Need Inter-AS Connections”
section.

Configuring the VRFs on the ASBR Interface for Each VPN Customer

Use the following steps to configure the VRFs on the ASBR interface for
each VPN customer so that these VPNs have connectivity over the MPLS
VPN--Inter-AS Option AB network.

Note

The mpls bgp forwarding command is used only on the ASBR
interface for VRFs that support CSC.

Use all of the steps in the following procedure to configure additional
VRFs that need to be configured on the ASBR interface and the VRFs that need to
be configured on the peer ASBR interface.

Enable privileged EXEC mode. Enter your password if prompted.

enable
Example:
Router> enable

Enter global configuration mode.

configure terminal
Example:
Router# configure terminal

Specify the interface to configure and enter the interface
configuration mode.

The type argument specifies the type of interface to be configured.

The number argument specifies the port, connector, or interface card number.

(Optional) Configures BGP to enable MPLS forwarding on connecting
interfaces for VRFs that must support MPLS traffic.

This step applies to a CSC network only.

mpls bgp forwarding
Example:
Router(config-if)# mpls bgp forwarding

(Optional) Exits to privileged EXEC mode.

end
Example:
Router(config-if)# end

Configuring MP-BGP Session Between ASBR Peers

BGP propagates reachability information for VPN-IPv4 prefixes among PE
routers by means of the BGP multiprotocol extensions (see RFC 2283,
Multiprotocol Extensions for BGP-4), which define support for
address families other than IPv4. Using the extensions ensures that the routes
for a given VPN are learned only by other members of that VPN, enabling members
of the VPN to communicate with each other.

Follow the steps in this section to configure the MP-BGP session on the
ASBR.

Use all of the steps in the following procedure to configure the MP-BGP
session on the peer ASBR.

Enable privileged EXEC mode. Enter your password if prompted.

enable
Example:
Router> enable

Enter global configuration mode.

configure terminal
Example:
Router# configure terminal

Configures a BGP routing process and places the router in router
configuration mode.

The as-number argument indicates the number of an autonomous system that
identifies the router to other BGP routers and tags the routing information
passed along. Valid numbers are from 0 to 65535. Private autonomous system
numbers that can be used in internal networks range from 64512 to 65535.

router bgp as-number
Example:
Router(config)# router bgp 100

Adds an entry to the BGP or multiprotocol BGP neighbor table.

The ip-address argument specifies the IP address of the neighbor.

The peer-group-name argument specifies the name of a BGP peer group.

The as-number argument specifies the autonomous system to which the neighbor
belongs.

Specifies that the next-hop address for BGP updates to be set
on paths that are imported to the VRF and that are received from an Option AB+
peer are placed in the global routing table.

The address used is the address of the interface that is at the
remote end of the external BGP (eBGP) global shared link. The next-hop context
is retained as global and not modified to that of the importing VRF.

Configuring EVPN Interconnect With MPLS VPN as PE

ASR1000 supports direct prefix redistribution between the BGP VPNv4 and BGP
L2VPN EVPN address families. ASR1000 can act both as the gateway of the Data
Centre network and as a PE of the MPLS VPN network. It receives MPLS VPN
prefixes from P/PE routers, and these prefixes can be imported into the BGP
EVPN RIB and then forwarded to the DC's spine via the BGP EVPN session. It can
also import BGP EVPN prefixes sent by the spine into the BGP VPNv4 RIB and send
them to the P/PE in the MPLS VPN network. During prefix redistribution, the
ASR1k sets itself as the next-hop of the prefix before sending the update to
its neighbors.

In this release (16.4.1), ASR1000 supports only bi-directional redistribution
between EVPN and VPNv4. Redistribution between EVPN and VPNv6 is not supported.

In the scenario shown in the figure below, the ASR1k acts as a PE in the
MPLS-VPN network. First, a VRF is needed for the EVPN RT-5 routes to be
imported and then re-originated as VPN routes into the MPLS-VPN side. A VPN
route that is learnt from the MPLS-VPN side is first imported into the VRF and
then re-originated into EVPN as an RT-5 route.


Feature Information for EVPN VxLAN L3

The following table provides release information about the feature or features described in this module. This table lists
only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise,
subsequent releases of that software release train also support that feature.
